USN-2100-1: Pidgin vulnerabilities

Ubuntu Security Notice USN-2100-1

pidgin vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 13.10

Ubuntu 12.10

Ubuntu 12.04 LTS

Summary

Several security issues were fixed in Pidgin.

Software description

pidgin
- graphical multi-protocol instant messaging client for X

Details

Thijs Alkemade and Robert Vehse discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2012-6152)

Jaime Breva Ribes discovered that Pidgin incorrectly handled the XMPP protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6477)

It was discovered that Pidgin incorrectly handled long URLs. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6478)

Jacob Appelbaum discovered that Pidgin incorrectly handled certain HTTP responses. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6479)

Daniel Atallah discovered that Pidgin incorrectly handled the Yahoo! protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6481)

Fabian Yamaguchi and Christian Wressnegger discovered that Pidgin incorrectly handled the MSN protocol. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6482)

It was discovered that Pidgin incorrectly handled STUN server responses. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2013-6484)

Matt Jones discovered that Pidgin incorrectly handled certain chunked HTTP responses. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6485)

Yves Younan and Ryan Pentney discovered that Pidgin incorrectly handled certain Gadu-Gadu HTTP messages. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6487)

Yves Younan and Pawel Janic discovered that Pidgin incorrectly handled MXit emoticons. A remote attacker could use this issue to cause Pidgin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-6489)

Daniel Atallah discovered that Pidgin incorrectly handled IRC argument parsing. A malicious remote server or a man in the middle could use this issue to cause Pidgin to crash, resulting in a denial of service. (CVE-2014-0020)

Update instructions

The problem can be corrected by updating your system to the following
package version: